FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 08-31-2012, 05:38 PM
Alberto Viana
 
Default SSL connection based on cert

Hi,
Im tyring to test a SSL connection from one server(linux) to 389DS using openssl:

openssl s_client -connect MY_389_SERVER:636 -cert local_server.crt -key local_server.key -CAfile CA-AD.crt*


And I got this error on my 389DS log:
[31/Aug/2012:14:04:57 -0300] conn=146531 Netscape Portable Runtime error -8101 (Certificate type not approved for application.); unauthenticated client E=email@email.com,CN=server.my.domain,OU=GTI,O=COM PANY,L=Rio de Janeiro,ST=Rio de Janeiro,C=BR; issuer CN=MY AD




The both certificates (my 389DS and local server(linux) were generated by my AD Server. Just to notify that I already import my CA certificate into 389 database (I have AD password replication working using the AD CA).




What am I missing?
Thanks a lot.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 08-31-2012, 05:44 PM
Rich Megginson
 
Default SSL connection based on cert

On 08/31/2012 11:38 AM, Alberto Viana wrote:
Hi,



Im tyring to test a SSL connection from one server(linux) to
389DS using openssl:






openssl s_client -connect MY_389_SERVER:636 -cert
local_server.crt -key local_server.key -CAfile CA-AD.crt*



And I got this error on my 389DS log:




[31/Aug/2012:14:04:57 -0300] conn=146531 Netscape Portable
Runtime error -8101 (Certificate type not approved for
application.); unauthenticated client E=email@email.com,CN=server.my.domain,OU=GTI,O=COM PANY,L=Rio
de Janeiro,ST=Rio de Janeiro,C=BR; issuer CN=MY AD










The both certificates (my 389DS and local server(linux) were
generated by my AD Server. Just to notify that I already import
my CA certificate into 389 database (I have AD password
replication working using the AD CA).









What am I missing?



Is your server cert (local_server.crt) also approved to be used as a
client cert?



openssl x509 -in local_server.crt -text







Thanks a lot.





--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users





--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 05:30 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org